Scribd
Upload
696 views2 pages

Audit in A CIS Environment 5

The document discusses two approaches to IT auditing: 1. The black-box approach focuses only on inputs and outputs without examining the internal processing. Auditors assume correct processing if the inputs match the outputs. 2. The white-box approach examines both the internal processes and controls. Auditors may use computer audit software to access internal processing. The document also outlines some commonly used computer-assisted audit techniques (CAATs) like test data, integrated test facilities, parallel simulation, snapshots, and systems control audit review files (SCARF).

Uploaded by

Shyrine Ejem
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
696 views2 pages

Audit in A CIS Environment 5

The document discusses two approaches to IT auditing: 1. The black-box approach focuses only on inputs and outputs without examining the internal processing. Auditors assume correct processing if the inputs match the outputs. 2. The white-box approach examines both the internal processes and controls. Auditors may use computer audit software to access internal processing. The document also outlines some commonly used computer-assisted audit techniques (CAATs) like test data, integrated test facilities, parallel simulation, snapshots, and systems control audit review files (SCARF).

Uploaded by

Shyrine Ejem
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Auditing in a CIS Environment

Discuss on the two different IT audit approaches:


a. Black-box approach
It is also called “Auditing around the computer” wherein the auditor concentrates on
input
and output and ignores the specifics of how computer process the data or transactions.
If input matches the output, the auditor assumes that the processing of transaction or
data must have been correct.

b. white-box approach
In white-box approach or auditing through the computer, the processes and control
surrounding the subject are not only subject to audit but also the processing controls
operating over this process are investigated. In order to help the auditor to gain access
these processes computer. Audit software may be used.

Research on the most commonly used Computer assisted audit techniques (CAATs)
1. Test Data
Is data in which it has been specifically identified to be used to test the
effectiveness and existence of controls built into an application program used by
audit client. As such, dummy transactions are processed through the client’s
computerized system.

2. Integrated test facility


It creates a fictitious entity in a database to process test transactions a
simultaneously with live input. It can be used to incorporate test transactions into
normal production run of a system. During periodic testing, it does not require a

separate test process.

3. Parallel simulation
It is a process of simulating data processing with a set of data from client
is
and comparing the results of simulation with that of client’s results. Its advantage
that transactions from throughout period may be reprocessed in order to ensure

that edit checks or controls have been applied during the period.

4. Snapshots
Auditing in a CIS Environment

Are means through which each step of data processing is stored and an a
recalled. It also allows the auditor to freeze a program at a given point. It involves
installation of a snapshot software at critical processing points of an application
or
system or taking a picture of a transaction as it flows through the system.

5. Systems control audit review files (SCARF)


This involves embedding audit software modules within an application
system to provide continuous monitoring of the system’s transactions. This
information is collected into a special computer file that the auditors can examine.

You might also like